<?php
require_once('include/func.class.php');


	$validate = $_POST['validate'];
	$validate = empty($validate) ? '' : strtolower(trim($validate));
	$svali = strtolower(GetCkVdValue());
	if($validate=='' || $validate != $svali){
		ResetVdValue();
		echo '<script type="text/javascript">alert("验证码不正确!");location.href="login.php";</script>';
		exit;
	}
	else{
		$username = $_POST['username'];
		$password = md5(md5($_POST['password']));
		
		$row = mysql_fetch_array(mysql_query("select * from admin where username='$username'"));
		if(!$row || $row['password'] != $password){
			echo '<script type="text/javascript">alert("用户名或密码不正确！");location.href="login.php";</script>';
			exit;
		}
		/*else if($row['checkadmin'] == 'false'){
			echo '<script type="text/javascript">alert("抱歉，您的账号被禁止登陆！");location.href="login.php";</script>';
			exit;
		}*/
		else{
			$logintime = time();
			$_SESSION['admin'] = $username;
			setcookie('user_id',$row['id']);
			$_SESSION['lastlogintime'] = $row['logintime'];
			$_SESSION['lastloginip'] = $row['loginip'];
			$_SESSION['logintime'] = $logintime;
			$loginip = gethostbyname($_SERVER['REMOTE_ADDR']);
			mysql_query("update admin set loginip='$loginip',logintime='$logintime' where username='$username'");
			echo '<script type="text/javascript">location.href="index.php";</script>';
			exit;
		}	
	}

?>